On Wed, Jan 18, 2006 at 02:32:16PM -0500, Hugo Villeneuve wrote:
| On Wed, Jan 18, 2006 at 10:29:34AM -0600, eric wrote:
| > On Wed, 2006-01-18 at 00:18:23 -0600, Travers Buda proclaimed...
| > 
| > > I'm suggesting it as the default behavior. Ya' know, secure by default.
| > 
| > hostname.if(5) supports eui-64 directives.
| 
| eui64 fills the lower 64 bits the same way auto-configuration does
| it. It has nothing to do with random.
| 
| It basically allows you to specify the network and have the interface
| part filled for you. Like if you didn't want to run rtadvd(8) on
| your network. 
| 
| For me, that's how I give a real ipv6 address to the interface
| rtadvd is listening on.
| 
| Not that I care about random data in the interface part. In fact,
| I would find it quite annoying if my ipv6 address were changing at
| every reboot. Like DNS wise.

Reading RFC3041 on Privacy Extensions for Stateless Address
Autoconfiguration in IPv6, in chapter 3 it clearly states that you
still have a fixed IP address (eui64) configured on your interface for
incoming connections. Only outgoing connections should be set up from
the temporary addresses (that should be used for hours to days). After
deprecating a random address, existing connections will continue
working until such a time that all these connections end.

With that being said, I still find the random addresses such as those
used by recent Microsoft IPv6 stacks very annoying. If I wanted to
keep my MAC address to myself, I'd probably just use a 'fixed' address
(<network>:dead:beef:cafe:babe/64) or, better yet, just spoof a MAC
address (using the lladdr option to ifconfig) - this way even folks on
the same broadcast domain couldn't pinpoint me by MAC (another
fruitless attempt at privacy, with PCMCIA NICs (and thus "new"
MAC/IPv6 addresses) costing almost EUR 10 at the local hardware
outlet).

I'd just stop obsessing over a feature that adds only marginally to
your privacy and/or security (since it adds code, it probably adds
bugs thereby decreasing security). If it's really such a big deal,
simply cough up a few diffs and I'd be willing to try them out.

Cheers,

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/                 
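As an added illustration (not code from anyone in this thread), here is how the eui64 interface identifier that hostname.if(5) and stateless autoconfiguration fill in is derived from a MAC, next to an RFC 3041-style temporary identifier; the stable one is what stays reachable for incoming connections and DNS, the temporary one is what changes. The MAC 00:11:22:33:44:55 and the documentation prefix 2001:db8::/64 are constructed sample values.

```python
import os
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291 App. A): split the 48-bit MAC into its
    OUI and device halves, insert ff:fe between them, and flip the
    universal/local bit (0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def temporary_interface_id() -> bytes:
    """RFC 3041-style temporary identifier: 64 random bits with the
    universal/local bit cleared, so it can never collide with an
    identifier derived from a globally assigned MAC."""
    iid = bytearray(os.urandom(8))
    iid[0] &= 0xFD
    return bytes(iid)


def build_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (e.g. '2001:db8::/64') with an 8-byte IID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("autoconfiguration needs a /64 prefix and a 64-bit IID")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def host_addresses(prefix: str, mac: str):
    """Return (stable, temporary): the fixed eui64 address a host keeps
    for inbound traffic and a fresh temporary one for outbound use."""
    stable = build_address(prefix, eui64_interface_id(mac))
    temporary = build_address(prefix, temporary_interface_id())
    return stable, temporary


if __name__ == "__main__":
    stable, temp = host_addresses("2001:db8::/64", "00:11:22:33:44:55")
    print("stable (eui64):  ", stable)   # same on every reboot
    print("temporary (3041):", temp)     # different on every call
```

Running it twice shows the eui64 address never moves while the temporary one does, which is exactly the DNS concern raised above.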
